Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

...

In order to get to the DOS protection settings, we'll need to sign in to the Access Portal admin area → Settings → DOS Protection, or by using the following URL:/admin/settings?category=settings_dos_protection_category_header


Soft lockout users after the defined number of failed authentication requests in defined period - How many failed authentication requests should be allowed before a soft lockout should take place. This value should be lower than the value defined in AD for "Account lockout threshold".

Reset account lockout counter after (seconds) - How much time should pass before reset the soft lockout counter and allow the blocked account to try authenticate again. This value should be slightly higher than the value defined in your AD for "Reset account lockout counter after".

Block period (minutes) - The period in which an account will be blocked (Soft Lockout) from further failed login attempts from reaching the Active Directory.

Soft Lockout is activated after reaching a number of failed attempts during the period defined by the "Reset accuount lockout counter after" value.

Should be higher than the value defined in AD for "Reset account lockout counter after

Check DDoS on - Set who besides the Bastion would check for DDoS. Typically when SIP filter is installed on the Front End for Ethical Wall, you should disable DDoS validation on the Front End as it is done on the Edge server or disable both if you don't want DOS Protection on the SIP channel.

...

For this, you need to conform to one method of username pattern and define the other in Username blacklist in Authentication settings. 

Image Added